Netzgemeinde Hubzilla
Anmelden
Registrieren
Netzgemeinde Hubzilla
Anmelden
Registrieren
System Apps
Fehler melden
Hilfe
QRator
Sprache
Suche
Verzeichnis
Zufälliger Kanal
Setting up a secure blog (or any kind of website) using hugo, certbot, haproxy, and crowdsec
Thu, 25 Jul 2024 02:26:43 +0200
zuletzt bearbeitet: Thu, 25 Jul 2024 02:27:06 +0200
Profil ansehen
h0bbl3s
via
Linux
h0bbl3s@lemmy.world
This is my first post on my new site, I hope someone finds it helpful!
59
59 Gefällt mir
SmoochyPit
TTH4P
jbrains
bsergay
Telorand
totally_notAcat (she/her)
nnullzz
pipe01
adhocfungus
wildbus8979
Dotdev
ℛ𝒶𝓋ℯ𝓃
Uncurious3512
Irdial
hydroxycotton
federino
Libertus
jodawznev
Kandy4me
Zachariah
Stalins_Spoon
rdschouw
SingularEye
Solar Bear
Acceus
SmokeInFog
Squibbles
Vedanth01
lamermann
stiephelando
root
Steven Saus
slazer2au
Strit
Zloubida
Jolan
negi
Lucy :3
Someonelol
far_university190
Rozaŭtuno
doodleon
ArcticDagger
Daniel Phan
theshatterstone54
Wappen
FrostyCaveman
rjb
Tramort
Tanka
Strawberry
OWO_I_OWO
b8sell
harrys_balzac
lemonuri
gamesiati
linucs
milo
MazonnaCara89
3
fart_pickle
corsicanguppy
dubba
Link zur Quelle
show all
11 comments
Thu, 25 Jul 2024 05:28:13 +0200
Profil ansehen
matcha_addict
matcha_addict@lemy.lol
Is it just as secure doing this (with crowdsec) vs hosting on a rented server from a cloud provider?
1
FrostyCaveman
Link zur Quelle
Thu, 25 Jul 2024 05:44:35 +0200
Profil ansehen
Alexander Goeres
jabgoe2089@hub.netzgemeinde.eu
first thing is to install snapd an a perfectly fine debian 12???
16
16 Gefällt mir
SingularEye
Shifty
Zloubida
something_random_tho
Lucy :3
delirious_owl
keisatsu
dingdongitsabear
0_0
Daniel Phan
kif
FrostyCaveman
mostlikelyaperson
rutrum
jan75
reddeadhead
Link zur Quelle
Thu, 25 Jul 2024 05:49:50 +0200
Profil ansehen
h0bbl3s
h0bbl3s@lemmy.world
My site is on a rented server at digital ocean. Some providers do more or less to protect you themselves though. I don’t think digital ocean does much monitoring or protecting, I’ve had servers on there compromised in the past that would have been caught by my current setup. It can’t hurt in any case.
I also run crowdsec on my home setup but I don’t have any open ports at home and never get alerts. I had suricata running and plugged into crowdsec as well so it would handle blocking for both, but suricata never got to get any action with crowdsec blocking malicious activity, so I disabled it to save resources.
2
FrostyCaveman
Fonzie!
Link zur Quelle
Thu, 25 Jul 2024 05:51:42 +0200
zuletzt bearbeitet: Thu, 25 Jul 2024 06:16:37 +0200
Profil ansehen
h0bbl3s
h0bbl3s@lemmy.world
I know I know. If you wanna install certbot another way feel free. Share it with me I’m sure it’ll take up less space. I only did it that way because it’s the certbot official©®™ instructions. That and I had issues with the other method I tried.
3
Zloubida
Daniel Phan
reddeadhead
Link zur Quelle
Thu, 25 Jul 2024 06:53:01 +0200
Profil ansehen
nerdovic
nerdovic@discuss.tchncs.de
I like docker and traefik, traefik has let’s encrypt built-in.
3
krash
Strit
Fonzie!
1
something_random_tho
Link zur Quelle
Thu, 25 Jul 2024 06:58:47 +0200
Profil ansehen
h0bbl3s
h0bbl3s@lemmy.world
I’ve got plenty of experience with docker and I’ve heard of traefik but never used it. Thanks, I’m gonna look into it.
1
Fonzie!
Link zur Quelle
Thu, 25 Jul 2024 08:44:47 +0200
Profil ansehen
exu
exu@feditown.com
I can really recommend acme.sh if you wanted to try a certbot alternative.
5
Zloubida
kif
mikaljo
OWO_I_OWO
Fonzie!
Link zur Quelle
Thu, 25 Jul 2024 09:21:17 +0200
Profil ansehen
keisatsu
keisatsu@infosec.pub
apt install python3-certbot :)
4
kif
Cozog
Fonzie!
static
Link zur Quelle
Thu, 25 Jul 2024 09:46:46 +0200
Profil ansehen
lemmyvore
lemmyvore@feddit.nl
Or a docker image with Nginx Proxy Manager. You get a working reverse proxy, an automatically renewing certbot, easy to use UI, plus a working nginx install that you can use for serving static files, forward proxy etc.
1
Fonzie!
1
kif
Link zur Quelle
Thu, 25 Jul 2024 10:26:41 +0200
Profil ansehen
FrostyCaveman
FrostyCaveman@lemm.ee
Thanks for sharing! TIL about crowdsec
2
univers3man
Fonzie!
Link zur Quelle
Thu, 25 Jul 2024 12:02:03 +0200
Profil ansehen
mostlikelyaperson
mostlikelyaperson@lemmy.world
Another thing you could check out is Caddy, comes with a lot of stuff onboard and has an optional crowdsec module (though I should point out that I never used that module myself so I can’t make guarantees how well it works)
caddyserver.com
2
reddeadhead
fubarx
Link zur Quelle
Konversationsmerkmale
Lädt...
Konversationsmerkmale
Lädt...
Anmelden
E-Mail oder Kennung
Kennwort
Angaben speichern
Anmelden
Registrieren
Zurücksetzen des Kennworts
Entfernte Authentifizierung
